New Gmail Phishing Attack Can Fool Even Tech-Savvy Users

A new phishing campaign is targeting Gmail users all over the world. To be more precise, criminals are looking to obtain Gmail login credentials, in the hopes of using these accounts across other platforms as well. So far, this technique has proven to be highly efficient, and the new campaign even succeeds in tricking tech-savvy users into giving up their credentials. A very troublesome development, and a threat to keep an eye on.

Beware Of The Latest Gmail Phishing Attack

An unknown attacker – or group of criminals – are sending emails to all Gmail accounts they can find. Some of these messages are spoofed to represent a known sender, although that is not always the case. If that is the case, however, it means the account sending this email has been compromised by this attack. Other users have reported the message containing an image to make the sender seem legitimate.

Once a user clicks on this image, a new tab opens in their browser. In this new tab, the user is asked to log in to Gmail again, which should serve as a warning sign to tech-savvy users. However, looking at the address bar, everything seems to be in order, unless one knows what to look out for.  This is the stage during which the login credentials will get compromised.

Attackers who obtain this login information will sign in to the Gmail account in question, and try to send emails to everyone in your contact list. Every email sent will include an image to make it seems like the message was sent by the compromised account, along with a regular subject line. For all intents and purposes, the recipients will think this is a normal email message, which is what makes this phishing campaign so successful




Unfortunately, compromised Gmail accounts are a treasure trove for criminals these days. By accessing a hacked account, the criminals gain access to all emails, as well as any other service linked to this email address. Any site using a password reset mechanism becomes a new target, allowing the crooks to compromise a wide variety of services. Even two-factor authentication services linked to this email address will be affected.

Thankfully, there are some easy ways to protect oneself from this phishing attack. First of all, it is important to take a closer look at the address bar in the new tab that opens in your browser. This phishing campaign uses a data URI, which results in a “Data: Text/HTML” snippet in front of the address bar.  Anyone spotting this must realize this tab is a downloaded file presenting a fake Gmail account login page and is not an actual website.

Unfortunately, it appears Google is not planning to undertake action against this phishing scam. The company takes no responsibility for users not looking at the address bar. No modifications will be made to the Chrome browser to prevent this type of attack either.  However, Google has modified the behavior of the address bar in the past, and there is no reason why they couldn’t do so again. Then again, it is up to potential victims to spot a phishing scam in the first place.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.